Encryption as a Scapegoat Argument for the Paris Attacks Looks Even Worse

Law enforcement officials in the US are using the Paris attacks to argue that governmental powers need special access to crack encryption. As we expressed previously, that is a flawed argument, and it’s looking worse as more information comes out about how the attacks went down.

News outlets from Paris report that a phone with an unencrypted text message was found at the scene of the attack on Bataclan concert hall. The message, sent shortly after gunfire began, stated “it begins”. Police used the phone’s geolocation data to find the safehouses used by the terrorists who carried out the attacks, according to Paris prosecutor François Molins.

Of course, these attackers could’ve used encryption at other points as they planned and carried out their killing spree. We don’t have the whole story. But what we do know — that the police used a phone with information and communications left out in the open — gives us evidence that at least one portion of the plotting happened without the use of encryption.

That’s important, because US intelligence and law enforcement officials are seizing this fearful moment to pressure global tech companies to create special encryption backdoors in their devices, which can be opened when the powers-that-be feel the need. The argument: Encryption is a terrorist’s best friend, a dangerous tool that blinds police and investigators until it’s too late and people die, and companies need to neuter privacy tools to let law enforcement in.

This argument casts encryption as an information blockade that fuels terrorist success, and ignores how essential encryption is to how people use the internet every day. Without encryption, online banking and shopping would be too risky; it offers an essential protection for anyone who communicates digitally, not just from the GCHQ and NSA, but from all breach and theft attempts. Creating a method to allow law enforcement to break encryption would fundamentally destroy its usefulness, because it would create a hole that anyone with bad intentions could exploit.

And now that we have evidence that the terrorists didn’t even use encryption as they signalled that their deadly operations were going down, the argument that governments must dismantle encryption rings even more hollow. What law enforcement needs is to shift its focus away from fearmongering about privacy tools and towards fixing its historically flawed human intelligence gathering. [Mediapart | Washington Post ]